Friday, June 16, 2017

This week PacketTotal got a much-needed update to the statistics page. Along with the original metrics, the statistics page now displays upload counts over a week-long period. As with the rest of the site, the statistics view is a work in progress and will continue to be improved as the tool matures.

These past two months have been development heavy on multiple fronts. The continued work on a virtual appliance has been slow, as the entire interface needs to be reworked. Ideas get added to the board; some are implemented, others discarded as impractical or unscalable. The processing node itself has also experienced some hiccups in production. I have begun a complete rewrite of the underlying agent, with the goal of running version 2.0 of the agent, with plug-and-play Bro scripts, by the end of the year. Fortunately, most of the development work on the virtual appliance also benefits packettotal.com, so users can expect a better experience every time they visit the site.

Another soon-to-be-added section of the site will be the archive. The archive will be a static version of packettotal.com, easily indexable and searchable on Google and other search engines. A continued goal of this site is to make information found within malicious packet captures easily accessible to the security community. While our built-in search has been improved significantly since launch, having static content indexable by major search engines will improve people's ability to locate information within the tool.

The archive will be regenerated on a daily basis, and will also act as a front-end for additional post-processing of the data found inside PCAPs. Initially, the tool will attempt to link high-fidelity malicious IOCs to relevant content on the web, such as forum posts, recent news, or blog articles. Additional post-processing will leverage an improved version of the cross-search algorithm to link similar PCAPs and allow users to easily pivot between results.